DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
VPN Routing. Help required.
25 Mar 2019 12:33 #94281
by ian855
VPN Routing. Help required. was created by ian855
We currently have a site to site IPSEC VPN between a Draytek 3900 and a Cisco ASA at the remote end.
This VPN is to allow access from our office, via RDP, to one system at the Cisco end of the tunnel.
A diagram of our layout can be viewed here.
https://drive.google.com/open?id=1-1Xi4U3g4Er12eCL7_tYv_mfuKWSPtSD
I need to allow a remote dial-in VPN user, whose VPN connects to the 3900, access to the system at the other end of the site to site IPSEC tunnel.
Referring to the diagram, users at point A. can already connect to the system at point C. I need a way of allowing the user at point B. access to the system at point C.
By far the easiest way would be to allow the remote dial-in user to connect directly to the Cisco; unfortunately I'm explicitly not allowed to do that. I presume I would need to do some routing on the 3900 to direct traffic from the dial-in user's VPN to the site to site VPN.
So, my questions are:-
Is this possible?
What would be the best way of achieving the requirement: static routes, policy routing, etc.?
Would someone be able to give enough guidance, based on the requirement and diagram, to get me started please?
Thanks in advance.
25 Mar 2019 14:01 #94284
by hornbyp
Replied by hornbyp on topic Re: VPN Routing. Help required.
Wild guess (having never used a 3900 or a Cisco ASA 5550) ...
Do you need to tell the Cisco that 192.168.40.0 is accessible via the IPSec VPN (rather than its Default Gateway) ... so that the Return Path works?
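A way to reason about the return-path question raised in the reply above, as an added example that is not part of either post: it models each end of a policy-based IPsec tunnel as a list of (local, remote) traffic selectors and checks whether a flow is tunnelled in both directions. It assumes the ASA only tunnels traffic matching its selectors; the office LAN, server address, client address and the /24 mask on 192.168.40.0 are constructed values, not taken from the thread or its diagram.

```python
import ipaddress

def selects(selectors, src, dst):
    """True if a packet src -> dst matches any (local, remote) selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
               for local, remote in selectors)

def check_flow(draytek_sel, asa_sel, client, server):
    """Check both directions of a client <-> server flow over the tunnel."""
    forward = selects(draytek_sel, client, server)  # 3900 encrypts client -> server
    ret = selects(asa_sel, server, client)          # ASA encrypts server -> client
    return {"forward": forward, "return": ret, "works": forward and ret}

# Constructed addressing: only 192.168.40.0 appears in the thread, /24 is assumed.
OFFICE_LAN = "192.168.1.0/24"
DIALIN_POOL = "192.168.40.0/24"
SERVER = "10.20.30.5"
DIALIN_CLIENT = "192.168.40.10"

# Tunnel as it stands: only office LAN <-> the one RDP server on both ends.
draytek_now = [(OFFICE_LAN, SERVER + "/32")]
asa_now = [(SERVER + "/32", OFFICE_LAN)]

# Dial-in pool added as an extra selector, still limited to the single server.
draytek_new = draytek_now + [(DIALIN_POOL, SERVER + "/32")]
asa_new = asa_now + [(SERVER + "/32", DIALIN_POOL)]

def scenarios():
    """Evaluate the dial-in client's flow under three configurations."""
    return {
        "as_is": check_flow(draytek_now, asa_now, DIALIN_CLIENT, SERVER),
        # Only the 3900 changed: replies leave the ASA outside the tunnel.
        "draytek_only": check_flow(draytek_new, asa_now, DIALIN_CLIENT, SERVER),
        "both_ends": check_flow(draytek_new, asa_new, DIALIN_CLIENT, SERVER),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

Keeping the added selector scoped to the server's /32 preserves the original restriction that the tunnel reaches one system only.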